SOC 2
Type II · 2026-Q1
Home/Trust
The trust layer, shown.
Every claim on this site has receipts. Audit chain, GDPR posture, EU AI Act register, certifications, sub-processors — all in one place.
Certifications
Audited, signed, current.
Each certification below has a current report or attestation. We'll send the artifacts under NDA.
ISO 27001
Certified · BSI
GDPR
EU controller-of-record
EU AI Act
High-risk register live
HIPAA
BAA available
eIDAS
Qualified timestamps
The Audit Chain
Every event signed, linked, yours to verify.
Each transformation appends a SHA-256-signed entry. The root is anchored daily to a qualified eIDAS timestamp authority.
Compliance Posture
One row per regulator.
Where each regime fits in. Each entry has a contact at AVA Research who owns the controls behind it.
GDPR
Controller-of-record + DPA on request. Right-to-erasure cascades to derivatives. EU-only data residency by default.
EU AI Act
Annex III high-risk register live. Reviewer attribution and rationale on every automated decision. Public summary opt-in.
HIPAA
BAA available on Industry. Safe Harbor + Expert Determination engines. PHI access logged with reason-codes.
DORA
ICT third-party register pre-validated. Operational resilience tests quarterly. Incident reporting templates included.
SOC 2
Type II for Security and Availability. Report under NDA. Continuous monitoring + manual quarterly review.
ISO 27001
Certified by BSI. SoA on request. ISMS reviewed annually. Annex A controls mapped to internal policies.
Sub-processors
Who else touches the data.
Updated 2026-Q2. Subscribe to changes via the DPA addendum.
Want the full trust pack?
DPA, SOC 2 Type II report, ISO 27001 certificate, sub-processor change feed. We send the bundle under NDA — usually same-day.